There are many (small) risks and threats which are frequently overlooked in an organization. The presentation takes a look at where Risks & Threats (RaT) come from and at the "Biggies" in the RaT Lists. We look at a few Frequently Overlooked Threats and Risks (FORT), Course Correction Options and, finally, a few Case Studies to highlight FORTs.
Governance in Cybercrime and Cybersecurity orgns - final distribution Organiz...Dinesh O Bareja
Cybersecurity and cybercrime organizations must be created with great planning but that is not happening anywhere. In India we have a plethora of organizations sprouting up in every domain and we all know too many cooks spoil the broth. I make a case for governance at the national and state level and make the case for having a planned structure that will ensure good security, good response and offense too, if needed.
Bug bounty programs offer numerous benefits to the sponsoring companies. Government organizations as well as private organizations will benefit if they have bug hunters sniffing around on their network.
Incident management and response is a highly specialized job requiring the information Security professional to have multifaceted skills in technology, business, finance, HR and more. In fact the Incident Response professional needs to know so much in terms of technology, people skills or reaction time that he/she might as well be a superhuman!
Governance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, IndiaDinesh O Bareja
Internet (or Cyber) Governance has a long way to go and is presently fraught with confusion - this being a global phenomenon. Then there is the Internet of Things coming up at top speed which means that we have to face up to the risks that come with the convenience ! A solution for governance and some insight into the IoT risks were presented at the Defcon-OWASP Conference in Lucknow (India) on February 22, 2015
Can Cyber Insurance Enforce Change in Enterprise GRCDinesh O Bareja
Like all things cyber, insurance holds a lot of hope for risk mitigation. However, again, like all things cyber, there is a lot of unknown in the risk mitigation solution itself.
Combating Cyber Security Using Artificial IntelligenceInderjeet Singh
Cyber Security & Data Protection India Summit 2018 aims to convene the best minds in Cybersecurity under one roof to create an interactive milieu for exchange of knowledge and ideas. The event will endeavour to address the emerging and continuing threats to Cybersecurity and its changing landscape, as well as respond to increasing risk of security breaches and security governance, application security, cloud based security, Network, Mobile and endpoint security and other cyber risks in the India and abroad.
This presentation was discussed in a Webinar with MetricStream in September 2016. It is applicable for small, medium and large businesses when considering information and cyber security risk.
2015 Cybercrime Trends – Things are Going to Get InterestingIBM Security
What a year 2014 has been for cybercriminals! It’s time to take a look back at 2014 and learn what’s in store for 2015. How much further will cybercriminals go? What new techniques will we see? What are the main threats we should be wary of in 2015?
From new malware families to PC grade mobile malware, from persistent PC Trojans to cloud based criminal services –cybercriminals have been keeping busy with new and advanced techniques.
In this session, IBM Security’s Senior Fraud Prevention Strategist, Etay Maor, will take you through the top stories that made waves in 2014’s cybercrime threat environment and review the upcoming cybercrime trends for 2015.
We will look at some of the biggest (and baddest) in cybercrime innovation, showcasing specific attacks that highlight the ingenuity observed in 2014 and discuss what we can expect in terms of PC and mobile fraud in 2015.
In this presentation, you will learn about:
– Latest malware attacks and evasion techniques
– How organizations failed to prevent attacks in 2014
– Forecast of how recent attacks will affect attacks in 2015
View the full on-demand webcast: https://attendee.gotowebinar.com/recording/4171628843485100290
NCSAM = Cyber Security Awareness Month: Trends and ResourcesStephen Cobb
My take on the main themes and topic of National Cyber Security Awareness Month, including shared responsibility, the Internet of Things, STEM education and the cyber workforce.
Cyber Risk Quantification for Employees | Safe SecurityRahul Tyagi
Humans: the weakest link in cybersecurity
“Amateurs hack systems, professionals hack people.”
Companies are built by the people they hire, yet, if you ask the Chief Information Security Officer about their weakest link, more often than not, they will say that it’s the very same people that make the company.
Furthermore, according to CybSafe’s analysis of data from the UK Information Commissioner’s Office (ICO), human error was the cause of approximately 90% of data breaches in 2019!
To learn how to quantify human risk in your organization, visit: https://www.safe.security/safe/people/
Overview of Artificial Intelligence in CybersecurityOlivier Busolini
If you are interested in understanding a bit more about the potential of Artificial Intelligence in Cybersecurity, you might want to have a look at this overview.
Written from my CISO (and non-AI-expert) point of view, for fellow security professionals to navigate the AI hype, and (hopefully!) make better, informed decisions :-)
All feedback welcome!
Cyber Security Professionals Viewed via Supply Chainaletarw
This research examines the issue of supply and demand for cybersecurity professionals to determine how to optimize the output of cybersecurity professionals through a supply chain. It was found that progress is impeded by the lack of a clearly defined and standardized definition of a cybersecurity worker and their associated knowledge, skills, and abilities. There is a known shortage of cybersecurity professionals that is affecting the ability of the United States to fulfil the mandate of President Obama who declared that the protection of our digital infrastructure is a national security priority. The problem with this declaration is that a literature review confirms there is no standard definition of a cybersecurity worker, associated skills, or educational requirements. The cybersecurity workforce to which we speak in this report consists of those who self-identify as cyber or security specialists as well as those who build and maintain the nation’s critical infrastructure. Considering the criticality of the national infrastructure, it is time for the US to take immediate steps to coordinate the development of the cybersecurity field and its associated workforce supply chain.
Models of Escalation and De-escalation in Cyber ConflictZsolt Nemeth
The cyber insecurity conundrum cuts across all things digital or networked. How can we prioritize defensive efforts across such a vast domain? This talk will describe a framework for engineering systems and policymaking based on the work factors for cyber attack and defense. After developing the work factor concept, it will be illustrated in several examples
[CB21] Keynote1:Shaking the Cybersecurity Kaleidoscope – An Immersive Look in...CODE BLUE
Over 10,000 new cybersecurity technologies are developed each year yet we do not see a correlating decrease in cybersecurity threats. This is because cybersecurity isn’t a mere computer science problem. The most vulnerable part in the security chain is humans. But humans are also a valuable asset in countering cybersecurity threats. A kaleidoscope is constantly changing pattern or sequence of elements. In cyber we need to shake the kaleidoscope to create new ways of both identifying and solving problems.
This presentation will be somewhat unorthodox. Maurushat will weave a story through the thread of human behaviour and cybersecurity with the primary objective of making sense out of chaos. What do Mars Bars, Perestroika, Carrots, Transylvania, Robin Hood, Talin, Majong, Anti-Vaccination, the Mayor of Montreal, Tails and Pineapples have to do with cybersecurity?
In her presentation, Professor Maurushat encapsulates key human behaviour issues in cybersecurity based on 17 years of experience and research in ethical hacking, vulnerability markets, cybercrime investigations and cybersecurity policy consultation with governments and intelligence agencies.
There are no easy answers to cybersecurity challenges. However, this presentation will stimulate thinking about how to use the power of human behaviour to improve cybersecurity through emerging fields of behaviour data engineering, artificial intelligence, behavioural economics and neuro-diversity as evolution.
With mega-breaches like Anthem, OPM, IRS, Ashley Madison, UCLA Health and TalkTalk all within the past 12 months, chances are your data has been targeted. What does this mean for 2016?
Review this presentation and learn:
• Why cyber attacks continue to increase in sophistication, magnitude and velocity
• What trends will have the largest and smallest impact on cyber security in 2016
• Why cloud-based apps and the Internet of Things have transformed cyber security
• How you can protect your organization from attacks from the inside
A security awareness presentation created for an audience of senior officials from MTNL (India's foremost telecom PSU). The presentation covers fundamentals of Information Security, its evolution, and present-day risks from the IT and Telecom infrastructure perspective.
As a Linked In member you are networking which is the reason why LI was set up. However you need to mind your manners when connecting. I got hassled with the Linked In connection requests and put this presentation together to get some people to understand the basics / essentials of good behavior (as I like it!)
Information Security Management Education Program - Concept Document Dinesh O Bareja
Information security training is incomplete which ever way one sees it - the techie lacks a lot of stuff and so does the non-techie. This is a concept to make changes and build an education program which will actually create professionals having good skills.
How communities can support and collaborate with public agencies in Disaster response. Provides an insight into our thinking about public private partnership and DR concepts
20090115
Business - IT Alignment Increases Value Of ITDinesh O Bareja
Alignment of IT and business is a chimera and everyone is chasing it. Achieving alignment will provide great value to the organization.
Presented at ISACA Annual Conference in Chennai.
Cyberwar, cyberwarfare are on everyone's lips but mean nothing as they are least understood and still need to be defined! Yet we have everyone who means something - standing on the rooftops and rattling their swords. The question is = is India ready - this is explored in the presentation. Indian institutions, cyber practices and the way ahead.
Common sense is the most important element in Information Security and I am working in the IS domain! So who knows this better than me. The problem is the people (generally) and so many IS clients and professionals do not realize this simple fact.
I am prompted by this knowledge and realization gap to present Common Sense 101 - a compilation of CS resources from all over the net - hoping it makes sense to you and you benefit from it in your practice.
With the new interconnected age comes new risks for cyber attacks and other fraudulent activity. Do you know what you need to keep your end users protected? Digital Insight discusses security and compliance in the interconnected age.
Monitoring security in the externalised organisation (Auscert 2013)Huntsman Security
With an increasing prevalence of cloud services, end user computing and third party delivery - many organisations are having to monitor security controls at arms length where they don't have direct contact or access
We Are Instructor Led Online Training Hub.Get access to the world’s best learning experience at our online learning community where millions of learners learn cutting-edge skills to advance their careers, improve their lives, and pursue the work they love. We provide a diverse range of courses, tutorials, resume formats, projects based on real business challenges, and job support to help individuals get started with their professional career.
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...APNIC
APNIC Senior Security Specialist Adli Wahid provides some useful findings of lessons learned from security incidents at the UMS Cybersecurity Awareness Seminar, held online on 25 October 2021.
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdfSecureCurve
Security and privacy are crucial elements for protecting digital assets. As the use of technology continues to increase, so does the risk of cyber-attacks and data breaches.
Presentation given by Dr K Subramanian, Director and Professor, Advance Centre for Informatic and Innovative Learning IGNOU on August 3rd, 2011 at eWorld Forum (www.eworldforum.net) in the session Information Management and Security
Presentation given in Argentina and Paraguay during March 2014.
In Argentina by Faustino Sanchez. In Paraguay by Santiago Cavanna.
It deals with the problem of vulnerabilities in applications, the impact they have on organizations, and the means available to discover them early and facilitate their remediation.
Links available at
http://www.santiagocavanna.com/segurinfo-2014-el-costo-oculto-de-las-aplicaciones-vulnerables/
Learn what cyber security means for your law firm, your employees, and your bottom line. This presentation will provide a snapshot of the IT Security threats facing law firms today, as well as the knowledge and tools you can use to prevent them.
Securing Your Intellectual Property: Preventing Business IP LeaksHokme
Let us delve into strategies to safeguard your business's intellectual property (IP) and avoid leaks. Explore how Confiex's Virtual Data Room acts as a fortress against unauthorized access, ensuring your sensitive data and valuable IP remain protected at all times.
Source- https://confiexdataroom.com/blog/data-room/virtual-data-room/how-to-avoid-business-ip-leaks/
First line of defense for cybersecurity : AIAhmed Banafa
The year 2017 wasn't a great year for cyber-security; we saw a large number of high-profile cyber attacks; including Uber, Deloitte, Equifax and the now infamous WannaCry ransomware attack, and 2018 started with a bang too with the hacking of Winter Olympics.
The frightening truth about increasing cyber-attacks is that most businesses and the cybersecurity industry itself are not prepared. Despite the constant flow of security updates and patches, the number of attacks continues to rise.
WFH Cybersecurity Basics Employees and Employers Dinesh O Bareja
Work from home (WFH) is the new normal. The covid19 pandemic, has thrown everyone, across the world into a struggle (and challenge) for survival. While we stand up to the challenge, we have to set our rules for WFH, with cybersecurity safeguards.
Changes in the world have brought about changes in our lives and at present there are events that are making huge changes. Cyber security demands will also change as we come out into a new world order. We look at skills needed.
Basics in IT Audit and Application Control Testing Dinesh O Bareja
IT Audit and Application Control Testing are large and complex activities in themselves, and it is my presentation to share the basics here, based on my own experience and using guidance from IIA GTAGs.
India Top5 Information Security Concerns 2013Dinesh O Bareja
Indian Information Security scenario, and the global one too, leaves much to be desired - this report covers concerns about InfoSec in this year. A straightforward document with lots of practical insights about what ails Information and Data Security in Government, Business and Users.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT, I was wondering, as an “infrastructure container kubernetes guy”, how does this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you a short journey through existing deployment models and use cases for AI software. With practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview of infrastructure requirements and technologies that could be beneficial or limiting for your AI use cases in an enterprise environment. An interactive demo will give you some insights into which approaches I already got working for real.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
2. • Where Risks & Threats come from
• “Biggies” in the RaT Lists
• (Generally) Overlooked RaTs
• Course Correction Options
• Case Studies
Copenhagen Compliance, Mumbai.
October 08, 2013
3. Present day RaTs usually arise from …
• Non-compliance
• Competition
• People, Processes, Technology Weaknesses
• Ignorance, Errors, Accidents
• Manual Controls
6. Top 10 Enterprise Security Predictions
1. Targeted Attacks
2. Signed malware
4. Non-Windows attacks
5. Ransomware
6. Impact of changing regulations
7. Need for incident response
8. Security Process Automation
9. Connected Devices
10. Bring Your Own Application (BYOA)
7. However, today I am not here to talk about the ‘big’ bad stuff
Why !
Because every InfoSec effort is made to secure the enterprise from tsunamis, tidal waves, pandemics etc
Today’s focus is on this little guy and his small friends
8. The story of the ant felling an elephant is part
of folklore and may be true.
Human tendency is to shut down risk antennae
when faced with unfamiliar scenarios.
These are explained with cute explanations like
“unknown knowns”, “black swans”, “pig out of
the sty”
All this time destiny / fate / fatality will be
staring in the face but still you don’t buy
insurance
9. Hardening
Configuration
Patch Mgt
Incident
DR
Anti Piracy: Software License Management
VAPT
Encryption (Voice/Data)
Mobile Computing
Data Classification
Home Computing
Spear Phishing
Secure Software Development
Privilege User and God Management
Background Checks, Exit Programs
10. • Asset Management (disposal):
– Photocopier hard drive goes out during maintenance
– Recirculation and trade-in of assets
• Background Check:
– InfoSec consultant is an unknown person who is provided access
to all crown jewels
– Simple NDAs
– Guards (on premises and in cash-vans)
• Gods and Godmen:
– SysAdmin / DataAdmin / DLP Admin is an unknown entrusted
with safekeeping
– DLP Admin – someone who has the power to read all mails
11. • Blind Faith in Technology:
– Logs are collected but not read; one is safe because
the appliance did not give an alert
– Complacence after implementation of security
technology
– Advice provided by the InfoSec consultant is always correct
• Me, My Machine at my Home
• Overlooking Social Media
• Awareness and Training is a common function
leading to lack of awareness culture
12. • Not mentioned in this RaT list
– Hardware backdoors
– Software backdoors
– State Monitoring (PRISM, IMS)
– Information Sharing
– Passwords
13. • Include cost-to-enterprise in risk assessment
• Prioritize risk icebergs based on impact size
rather than just hype and bug PR
• Start a bug bounty program and enable 24x7
network testing (nearly) free-of-cost
14. • Re-look at those itsy bitsy pieces of technology
feel-good paraphernalia around the
organization: fingerprint readers, access cards,
certificate on your wall
• Reach out to the ethical InfoSec community
15. It has happened to the best and to the
biggest – Governments, corporations,
individuals
They have all been felled by an unknown
blackhat, or some virus / APT, or by virtue
of non-compliance or overlooking the
‘small’ stuff
Some recovered, some died – but one
thing is common: all suffered a big dent in
their reputation plus financial losses and
significant setbacks in their business.
16. • Up to 12,000 laptops are lost in United States airports each week
• Between 65 and 70 percent of lost laptops are never reclaimed
• Most laptops are lost at security checkpoints
• 53 percent of business travelers surveyed carry sensitive corporate
information on their laptop
• 65 percent of those who carry confidential information have not
taken steps to protect it while traveling
• 42 percent of respondents say they do not back up their data
- Lost Laptop and Business Traveler Study by Dell and the Ponemon Institute
The first study of its kind was carried out in the first half of 2008. The Ponemon Institute surveyed 106 United
States airports and over 800 business travelers to understand the frequency with which laptops are lost in
airports and the steps business travelers are taking to protect sensitive information on corporate systems.
18. Terry Childs
A judge ordered the former city worker who locked San
Francisco out of its main computer network for 12
days in 2008 to pay nearly $1.5 million in restitution,
prosecutors said. Keep in mind the network never
went down and no user services were denied, and
given that Terry Childs was the only one who had
admin access (for years prior) it is difficult to
understand how they came up with $1.5 million in
costs
In June 2008, he was arrested on computer
crime charges for refusing to divulge the passwords
to San Francisco's FiberWAN system to his
supervisors.
After being arrested he was held on $5 million
bail. He is also accused of tampering with the
network and subversively avoiding auditing checks
20. • WINTECH COMPUTERS circa late 90’s
170 operational centers all over the country, nearly 1,700 employees, and at least 40 students per institute
March 2000:
'I want to be the Bill Gates of India's computer education industry.'
– Murtuza Mathani, Wintech CEO.
Raid carried out on the company in September 2000 by Mumbai Police and officials of a private investigating firm.
Wintech Computers had no license to teach Oracle® software
May 2001:
Mathani's whereabouts unknown
The Rest is History
21. There are many ‘small’ things lying around with enough
power to trip your organization
If you have not yet assimilated information security and
management into the mainstream of your business…
wake up !
23. There are many ‘small’ things lying around with enough
power to trip your organization
If you have not yet assimilated information security and
management into the mainstream of your business…
wake up !
Plough the InfoSec field deeper, as deep as you can!
25. • Professional Positions
– Open Security Alliance (Principal and CEO)
– Jharkhand Police (Cyber Surveillance Advisor)
– Pyramid Cyber Security & Forensics (Principal Advisor)
– Indian Honeynet Project (Co Founder)
• Professional skills and special interest areas
– Security Consulting and Advisory services for IS Strategy, Architecture,
Analysis, Policy Development, Optimization
– Technologies: SOC, DLP, IRM, SIEM…
– Practices: Incident Response, SAM, Forensics, Regulatory guidance..
– Community: mentoring, training, citizen outreach, India research..
• Blogger, Occasional columnist, wannabe photographer, research & survey
26. Contact Information
E: dinesh@opensecurityalliance.org
T: +91.9769890505
Twitter: @bizsprite
Facebook: dineshobareja
L: http://in.linkedin.com/in/dineshbareja
Acknowledgements & Disclaimer
Various resources on the internet have been referred to in preparing the information presented.
Images have been acknowledged where possible and if we have infringed on your rights it is
unintentional – we assure you of immediate removal on being notified. The use of company
names, brand names and trade marks is only to facilitate understanding of the message being
communicated - no claim is made to establish any sort of relation (exclusive or otherwise) by the
author(s), unless otherwise mentioned. Apologies for any infraction, as this would be wholly
unintentional, and objections may please be communicated to us for remediation of the
erroneous action(s).